Aggregated CVEs and security vulnerability intelligence for all nuxt-related products, including CVSS, EPSS, publication dates and vulnerability intelligence data.
Disclosed issues are commonly related to cross-site scripting, path-handling flaws and SSRF, and may introduce exposure risks such as session hijacking and file overwrite in software deployment and production workload scenarios.
The vulnerability data is drawn primarily from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and patching priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-34405 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in version 6.2.5. | [email protected] | 6.1 | 0.03% | 2026-03-31 | 2026-04-13 |
| CVE-2026-34404 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a Denial of Service (DoS) vulnerability. The issue arises because there is no restriction on the width and height parameters of the generated image. The vulnerability was reproduced using the standard configuration and the default templates. This issue has been patched in version 6.2.5. | [email protected] | 6.9 | 0.06% | 2026-03-31 | 2026-04-09 |
| CVE-2025-52662 | A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools | [email protected] | 6.9 | 0.03% | 2025-11-07 | 2026-02-04 |
| CVE-2025-59414 | Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, a client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. The vulnerability occurs in the client-side payload revival process (revive-payload.client.ts) where Nuxt Islands are automatically fetched when encountering serialized | [email protected] | 3.1 | 0.01% | 2025-09-17 | 2025-12-03 |
| CVE-2025-27415 | Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://mysite.com/?/_payload.json which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served | [email protected] | 7.5 | 0.26% | 2025-03-19 | 2025-12-03 |
| CVE-2024-42352 | Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. The `new URL` constructor is used to parse the final path. This constructor can be passed a relati | [email protected] | 8.6 | 0.10% | 2024-08-05 | 2024-09-19 |
| CVE-2024-34344 | Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in the remote code execution from the malicious web page. | [email protected] | 8.8 | 1.31% | 2024-08-05 | 2024-09-19 |
| CVE-2024-34343 | Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to block the `javascript:` protocol, but does not correctly use APIs provided by `unjs/ufo`. This library also contains parsing discrepancies. The function first tests to see if the specified URL has a protocol. This uses the unjs/ufo package for URL parsing. This function works effectively, and returns true for a javascript: protocol. After this, the URL i | [email protected] | 6.3 | 0.10% | 2024-08-05 | 2024-09-19 |
| CVE-2024-23657 | Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the `getTextAssetContent` RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data abusing this vulnerability. In certain configurations an attacker could leak the devtools authentication token and | [email protected] | 8.8 | 1.62% | 2024-08-05 | 2024-09-20 |
| CVE-2023-3224 | Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. | [email protected] | 9.8 | 2.11% | 2023-06-13 | 2024-11-21 |
| CVE-2023-0878 | Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. | [email protected] | 6.1 | 0.31% | 2023-02-17 | 2025-05-01 |
| CVE-2022-4414 | Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | [email protected] | 6.1 | 0.36% | 2022-12-12 | 2024-11-21 |
| CVE-2022-4413 | Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | [email protected] | 6.1 | 0.23% | 2022-12-12 | 2024-11-21 |